我正在寻找一个命令来以文本模式复制网站的证书,以便我可以将其与我拥有的证书进行比较。请帮我。
例如,我有我的服务器的 IP 10.112.***.***
。要获取我的服务器地址的证书:10.112.***.***:443
我们如何使用 Windows 中的命令来做到这一点?
答案1
获取我的服务器地址的证书:10.112.。:443 我们如何使用 Windows 中的命令来做到这一点?
安装 Shining Light Production 的Win32 OpenSSL。无论操作系统如何,命令都是相同的。然后(从 OS X 框):
$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com | \
openssl x509 -text -noout
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2625022969251558231 (0x246df47b897af357)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Google Inc, CN = Google Internet Authority G2
Validity
Not Before: Jun 30 15:20:05 2016 GMT
Not After : Sep 22 14:53:00 2016 GMT
Subject: C = US, ST = California, L = Mountain View, O = Google Inc, CN = www.google.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ac:49:83:56:dc:06:b5:1b:77:7f:49:25:81:1e:
20:be:ea:06:6f:d5:61:a1:d8:f1:7c:ec:f6:15:53:
cf:35:42:13:3e:40:49:80:00:0e:85:b7:91:25:96:
59:2d:c9:9e:5f:95:e6:24:6b:c8:7d:0c:a6:fa:0e:
8f:a2:6a:0c:b1:14:3b:70:85:c4:b2:14:d2:2d:39:
31:74:06:f6:08:e9:bb:89:50:e9:fb:bd:ce:45:40:
45:b5:31:58:a4:3a:74:61:fc:53:ba:6a:06:f8:4c:
de:b8:72:34:1e:02:6b:09:43:65:7b:5f:c6:2f:ee:
ef:8f:e0:b4:b7:9d:d7:dc:24:b1:0a:51:21:1a:80:
f3:f1:cc:2f:9e:21:79:49:62:a2:22:b5:b2:e0:9f:
38:ca:e1:a2:ba:0c:9e:6d:d4:19:50:e9:40:7d:8e:
93:91:63:55:bc:1e:e1:7c:82:b5:dd:e2:79:85:93:
dd:54:67:f4:92:c9:a0:22:d2:46:0e:f0:0e:b4:43:
0d:ff:9a:a2:12:53:6c:7d:1a:c0:82:54:a3:36:1c:
40:43:bf:bc:ce:19:51:40:96:fa:35:e8:12:f6:3f:
45:c9:7c:ac:5f:25:ff:62:3d:dd:66:c4:87:7f:3c:
fc:45:ff:db:11:dc:59:eb:27:91:10:d0:6e:e0:fd:
2a:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Alternative Name:
DNS:www.google.com
Authority Information Access:
CA Issuers - URI:http://pki.google.com/GIAG2.crt
OCSP - URI:http://clients1.google.com/ocsp
X509v3 Subject Key Identifier:
48:59:57:0D:D3:48:20:96:1B:7D:7A:3F:69:1D:DF:E4:5E:C4:21:6B
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Authority Key Identifier:
keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.11129.2.5.1
Policy: 2.23.140.1.2.2
X509v3 CRL Distribution Points:
Full Name:
URI:http://pki.google.com/GIAG2.crl
Signature Algorithm: sha256WithRSAEncryption
1d:0e:32:85:6e:d6:db:3b:a3:7e:f3:19:22:33:38:57:50:61:
45:89:2e:30:f1:26:2f:b4:29:45:b6:9d:86:94:63:fa:b8:dc:
3c:08:2a:27:01:14:46:bc:a4:d7:ba:a3:63:1e:9f:4a:0e:88:
79:0a:6b:c6:4b:11:04:73:bd:79:a8:48:36:1f:38:a4:fa:4a:
ae:e5:71:f9:0d:00:8b:c4:3d:6a:44:2e:85:e2:dd:05:fc:61:
a7:92:bf:71:38:ad:ae:5f:06:c0:dc:53:da:ec:a4:85:bb:00:
2f:30:7b:d0:33:fd:01:c0:ed:9e:69:fe:5a:22:ab:cb:bb:07:
0d:0b:a7:eb:ef:45:0f:5f:7f:c9:d4:27:0a:27:94:f5:c4:de:
74:31:ef:7b:ac:ca:c4:20:0a:6d:9b:55:80:5f:ff:4a:8d:66:
e9:ae:aa:c7:7b:29:76:c8:99:de:e6:66:71:2f:cd:dd:79:45:
49:a8:28:db:0e:20:78:f2:18:df:3e:22:13:8f:07:05:bf:95:
21:bd:d3:0d:1c:a8:ca:39:04:a7:d9:e5:57:ef:48:b7:18:f5:
dc:25:76:2c:b0:fb:25:b2:cf:31:fe:71:a9:53:b9:d6:37:a5:
65:f6:0c:da:7e:3f:e4:87:78:7f:05:63:5d:67:a3:ad:50:47:
32:c8:a3:fb
如果上面的文字让您满意,那么只需发出:
$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com | \
openssl x509 -text -noout > certificate.txt
如果您想将其保存为 ASN.1/DER 或 PEM 格式的文件,而不是显示它(-text -noout
),请签出其他一些openssl x509
选项。